MSFT Azure Function App not sending emails via Graph API (works on desktop)
Hi there.
I'm trying to send emails from an Azure Function App via MS Graph API using the client credentials workflow and Application permissions. (SMTP relay/SendGrid etc. is not an option for our organisation.)
Basically the app detects a file landing in a storage account, triggers the app and fires the email.
The app works on my desktop in VS Code as expected. I am on a corporate network behind a proxy.
However, on testing in the FA in Azure, although we get a successful invocation, no email is sent - our EO mailbox logs show nothing received.
Here's the log from the FA Monitor.
2022-06-09T02:40:44.016 [Information] Executing 'Functions.email-via-graph-api' (Reason='New blob detected: failed/2022-05-18_15h41m00s_0266201111_0266207713_2.pdf', Id=c11e670f-423a-4427-af8d-b11d61192bce)
2022-06-09T02:40:44.016 [Information] Trigger Details: MessageId: 235a0fba-0210-46b9-a82b-50a4a858a490, DequeueCount: 1, InsertionTime: 2022-06-09T02:40:43.000+00:00, BlobCreated: 2022-06-07T03:15:04.000+00:00, BlobLastModified: 2022-06-09T02:40:35.000+00:00
2022-06-09T02:40:44.046 [Information] BEGIN: Sending email for failed referral via Graph API.
2022-06-09T02:40:44.046 [Information] Blob Name: 2022-05-18_15h41m00s_0266201111_0266207713_2.pdf
2022-06-09T02:40:44.046 [Information] Blob URI: https://STORAGEACCOUNTNAME.blob.core.windows.net/failed/2022-05-18_15h41m00s_0266201111_0266207713_2.pdf
2022-06-09T02:40:44.047 [Information] Executed 'Functions.email-via-graph-api' (Succeeded, Id=c11e670f-423a-4427-af8d-b11d61192bce, Duration=44ms)
If I look at Application Insights I can see the token call and Graph call.
Here's the setup:
- We have Application Permissions for mail.send against the AD App.
- We have 2 email accounts (a service/automation account and Exchange Online generic account) in a mail group allowed to access the AD App->Graph API FA. The Service Account is permitted to send as/on behalf of the EO account.
- Our FA is attached to a VNET, route-all set true
- All internal-destined traffic routes internally (and these are all internal alert emails to our own domain, i.e. sending and receiving all on the same domain)
- Our public/outbound traffic is VNET NAT'd to a /30 public prefix.
- Our NSG and proxy allow outbound SMTP (any to any) on ports 25 and 587 plus the IPv4 subnets from item 56 here
- The FA is on a private endpoint as are storage accounts.
- The call via axios is below. Again, this works on the desktop.
Axios call. Backticks changed to " in relevant places.
const axios = require("axios");

try {
  console.log(JSON.stringify(email, null, 2));
  const response = await axios({
    url: `${GRAPH_ENDPOINT}/v1.0/users/${FROM_ADDRESS}/sendMail`,
    method: "POST",
    headers: {
      "Authorization": `Bearer ${access_token}`,
      "Content-Type": "application/json",
    },
    data: JSON.stringify(email),
  });
  // Graph answers sendMail with 202 Accepted and an empty body; log the status so the outcome is visible in the FA log.
  console.log(`sendMail responded with HTTP ${response.status}`);
} catch (err) {
  // Surface the Graph error body (e.g. 401/403) rather than letting the invocation report success.
  console.error("sendMail failed:", err.response ? err.response.data : err.message);
  throw err;
}
Any guidance would be very much appreciated.
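The flow described in the post, as an added example that is not the poster's code: the client-credentials token request followed by the Graph sendMail call, with explicit status checks so that a rejected call ends the invocation with an error instead of a "Succeeded" after 44 ms. It assumes an injected `post(url, body, headers)` client that resolves to `{ status, data }` (wrap axios with that shape in the real function), hypothetical function names, and placeholder tenant/client credentials.

```javascript
// Added example (not the poster's code). `post(url, body, headers)` is an injected HTTP
// client returning { status, data }, so the exchange can be exercised offline.
const GRAPH_ENDPOINT = "https://graph.microsoft.com";
const LOGIN_ENDPOINT = "https://login.microsoftonline.com";

// OAuth2 client-credentials grant against the v2.0 token endpoint with the /.default scope.
async function getAppToken(post, { tenantId, clientId, clientSecret }) {
  const body = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    scope: `${GRAPH_ENDPOINT}/.default`,
    grant_type: "client_credentials",
  }).toString();
  const res = await post(`${LOGIN_ENDPOINT}/${tenantId}/oauth2/v2.0/token`, body, {
    "Content-Type": "application/x-www-form-urlencoded",
  });
  if (res.status !== 200 || !res.data || !res.data.access_token) {
    throw new Error(`token request failed: HTTP ${res.status} ${JSON.stringify(res.data)}`);
  }
  return res.data.access_token;
}

// sendMail answers 202 Accepted with an empty body; any other status is raised so the
// Functions host cannot record the invocation as Succeeded while nothing was delivered.
async function sendMailAsUser(post, accessToken, fromAddress, message) {
  const res = await post(
    `${GRAPH_ENDPOINT}/v1.0/users/${fromAddress}/sendMail`,
    JSON.stringify({ message, saveToSentItems: true }),
    { Authorization: `Bearer ${accessToken}`, "Content-Type": "application/json" },
  );
  if (res.status !== 202) {
    throw new Error(`sendMail failed: HTTP ${res.status} ${JSON.stringify(res.data)}`);
  }
  return res.status;
}

// Blob-trigger handler body (hypothetical name). It awaits both calls and returns the
// result, so the host waits for the Graph round trip instead of finishing in milliseconds.
async function sendFailedReferralAlert(post, context, creds, fromAddress, blobName) {
  const message = {
    subject: `Failed referral: ${blobName}`,
    body: { contentType: "Text", content: `${blobName} landed in the failed container.` },
    toRecipients: [{ emailAddress: { address: fromAddress } }],
  };
  const token = await getAppToken(post, creds);
  const status = await sendMailAsUser(post, token, fromAddress, message);
  context.log(`Graph sendMail returned HTTP ${status}`);
  return status;
}
```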